Network Scanner |
Network Scanner Functions •Scan (browse) the network for workstations. •Detect Dr.Web Agents on stations. •Install Dr.Web Agent on the detected stations as instructed by the administrator. Dr.Web Agent installation is described in detail in the , p. Installing Dr.Web Agent Software via Dr.Web Security Control Center. Network Scanner Operation Principal Network scanner supports the following search modes: 1.Search in Active Directory 2.Search via NetBIOS 3.Search via ICMP 4.Search via TCP 5.Additional mode: Agent detect. Procedure when all modes are enabled 1.First three modes are run in parallel. Repeated inquiring of already inquired stations is not performed. 2.After ICMP search is complete, the TCP search is launched for stations that have not responded. If ICMP search is disabled, TCP search is launched immediately in parallel with first two modes.
3.For stations found by search via the first four modes, the Agent detect search is launched.
The Agent installed on a protected stations process respective calls of Network Scanner received at a certain port. By default, port udp/2193 is used. Correspondingly, the default port is offered to call by the Scanner. Network Scanner decides whether the Agent is on a station or not basing on the assumption of the possibility to exchange information (request-response) via the specified port.
Network Scanner Launch To scan the network, perform the following actions: 1.Open the Network Scanner window: select the item in the main menu of Dr.Web Security Control Center and in the opened window, select the item in the control menu. The Network Scanner window will be opened. 2.Set the flag to search for stations via ICMP protocol in range of specified IP addresses. 3.Set the flag to search for stations via TCP protocol in range of specified IP addresses. Specify the settings for this mode: •. In the quick network scan mode, only most common ports on stations are checked: 445, 139, 22, 80. •. In the extended network scan mode, a set of frequently used ports are checked. The ports are scanned in the specified order: 445, 139, 135, 1025, 1027, 3389, 22, 80, 443, 25, 21, 7, 19, 53, 110, 115, 123, 220, 464, 465, 515, 873, 990, 993, 995, 1194, 1433, 1434, 2049, 3306, 3690, 4899, 5222, 5269, 5432, 6000, 6001, 6002, 6003, 6004, 6005, 6006, 6007, 6446, 9101, 9102, 9103, 10050, 10051, 8080, 8081, 98, 2193, 8090, 8091, 24554, 60177, 60179. •—the list of IPv4 addresses: ▫single addresses: 10.4.0.10 ▫range of addresses with a hyphen: 172.16.0.1-172.16.0.123 ▫range of addresses with a network prefix: 192.168.0.0/24 If you set several addresses, use “;” or “,” as a separator. •—the list of IPv6 addresses: ▫single addresses ▫range of addresses with a hyphen: [FC00::0001]-[FC00::ffff] ▫with a network prefix: [::ffff:10.0.0.1]/7 If you set several addresses, use “;” or “,” as a separator. 4.Set the flag to search for stations via NetBIOS protocol. Specify the settings for this mode: •—domains list in which stations are searched. Use comma to divide several domains. •Set the flag to use extended scan using data from network browsers. 5.Set the flag to search for stations in the Active Directory domain.
Specify the settings for this mode: •—Active Directory controller, e.g. dc.example.com. •—Active Directory user login. •—Active Directory user password.
•In the drop-down list, select the type of encrypted data exchange: ▫—switching to secured connection is performed by using the STARTTLS command. The 25 port is used by default for the connection. ▫—establish a new secured TLS connection. The 465 port is used by default for the connection. ▫—do not use encryption. Data exchange will be over an unprotected connection. 6.In the General parameters section, specify common settings for all search modes: •—maximum time in seconds to wait a response from a station. •—maximum number of requests to one station waiting for the answer. •—maximum number of stations for simultaneous requests. •Set the flag to display either IP address and DNS name of found stations. If a station is not registered at DNS server, only its IP address displays. •Set the flag to detect installed Agent on a station.
•—UDP protocol port number to call the Agent during the search. The range is 1-65535. The 2193 port is used by default. 7.Click to launch the network scanning. 8.The list of computers demonstrating where Dr.Web Enterprise Security Suite anti-virus software is installed will be loaded into this window. Unfold the catalog elements corresponding to workgroups (domains). All elements of the catalog corresponding to workgroups and individual stations are marked with different icons the meaning of which is given below:
You can also unfold catalog items corresponding to computers with the icon, and check which program components are installed there. |